This version has numerous fixes and enhancements.
It is compatible with the previous v3.2.1 release and onwards.
Maintainer: Moritz Warning <moritzwarning@web.de>
Signed-off-by: Rob White <rob@blue-wave.net>
PKG_NAME:=nodogsplash
PKG_FIXUP:=autoreconf
-PKG_VERSION:=3.2.1
-PKG_RELEASE:=2
+PKG_VERSION:=4.0.0
+PKG_RELEASE:=1
PKG_SOURCE_URL:=https://codeload.github.com/nodogsplash/nodogsplash/tar.gz/v$(PKG_VERSION)?
PKG_SOURCE:=nodogsplash-$(PKG_VERSION).tar.gz
-PKG_HASH:=16da76ecf7820cd8b32081237e05b24a7d2d8a9db8a47242badc7937d6cf1ae8
+PKG_HASH:=4cc3a9200380f03c8c3a71afc1fda0006b8e7bf70129f2419768a767b734da21
PKG_BUILD_DIR:=$(BUILD_DIR)/nodogsplash-$(PKG_VERSION)
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
endef
define Package/nodogsplash/install
- $(CP) ./files/* $(1)/
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nodogsplash $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/nodogsplash/htdocs/images
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_DIR) $(1)/usr/lib/nodogsplash
$(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.css $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/status.html $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/nodogsplash/htdocs/images/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/config/nodogsplash $(1)/etc/config/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/init.d/nodogsplash $(1)/etc/init.d/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/uci-defaults/40_nodogsplash $(1)/etc/uci-defaults/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh $(1)/usr/lib/nodogsplash/
+ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/PreAuth/demo-preauth.sh $(1)/usr/lib/nodogsplash/login.sh
+ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/nodogsplash/
endef
define Package/nodogsplash/postrm
+++ /dev/null
-
-# The options available here are an adaptation of the settings used in nodogsplash.conf.
-# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
-
-config nodogsplash
- # Set to 0 to disable nodogsplash
- option enabled 1
-
- # Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
- # This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
- option fwhook_enabled '1'
-
- # Serve the file splash.html from this directory
- option webroot '/etc/nodogsplash/htdocs'
-
- # Use plain configuration file
- #option config '/etc/nodogsplash/nodogsplash.conf'
-
- # Use this option to set the device nogogsplash will bind to.
- # The value may be an interface section in /etc/config/network or a device name such as br-lan.
- option gatewayinterface 'br-lan'
-
- option gatewayname 'OpenWrt Nodogsplash'
- option maxclients '250'
-
- # Enables debug output (0-7)
- #option debuglevel '7'
-
- # Client timeouts in minutes
- option preauthidletimeout '30'
- option authidletimeout '120'
- # Session Timeout is the interval after which clients are forced out (a value of 0 means never)
- option sessiontimeout '1200'
-
- # The interval in seconds at which nodogsplash checks client timeout status
- option checkinterval '600'
-
- # Enable BinAuth Support.
- # If set, a program is called with several parameters on authentication (request) and deauthentication.
- # Request for authentication:
- # $<BinAuth> auth_client <client_mac> '<username>' '<password>'
- #
- # The username and password values may be empty strings and are URL encoded.
- # The program is expected to output the number of seconds the client
- # is to be authenticated. Zero or negative seconds will cause the authentification request
- # to be rejected. The same goes for an exit code that is not 0.
- # The output may contain a user specific download and upload limit in KBit/s:
- # <seconds> <upload> <download>
- #
- # Called on authentication or deauthentication:
- # $<BinAuth> <*auth|*deauth> <incoming_bytes> <outgoing_bytes> <session_start> <session_end>
- #
- # "client_auth": Client authenticated via this script.
- # "client_deauth": Client deauthenticated by the client via splash page.
- # "idle_deauth": Client was deauthenticated because of inactivity.
- # "timeout_deauth": Client was deauthenticated because the session timed out.
- # "ndsctl_auth": Client was authenticated manually by the ndsctl tool.
- # "ndsctl_deauth": Client was deauthenticated by the ndsctl tool.
- # "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating.
- #
- # Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited.
- #
- #option binauth '/bin/myauth.sh'
-
- # Enable Forwarding Authentication Service (FAS)
- # If set redirection is changed from splash.html to a FAS (provided by the system administrator)
- # The value is the IP port number of the FAS
- #option fasport '80'
-
- # Option: fasremoteip
- # Default: GatewayAddress (the IP of NDS)
- # If set, this is the remote ip address of the FAS.
- #option fasremoteip '46.32.240.41'
-
- # Option: faspath
- # Default: /
- # This is the path from the FAS Web Root to the FAS login page
- # (not the file system root).
- #option faspath '/onboard-wifi.net/nodog/fas.php'
-
- # Option: fas_secure_enabled
- # Default: 1
- # If set to "1", authaction and the client token are not revealed and it is the responsibility
- # of the FAS to request the token from NDSCTL.
- # If set to "0", the client token is sent to the FAS in clear text in the query string of the
- # redirect along with authaction and redir.
- #option fas_secure_enabled '0'
-
- # Your router may have several interfaces, and you
- # probably want to keep them private from the network/gatewayinterface.
- # If so, you should block the entire subnets on those interfaces, e.g.:
- #list authenticated_users 'block to 192.168.0.0/16'
- #list authenticated_users 'block to 10.0.0.0/8'
-
- # Typical ports you will probably want to open up.
- #list authenticated_users 'allow tcp port 22'
- #list authenticated_users 'allow tcp port 53'
- #list authenticated_users 'allow udp port 53'
- #list authenticated_users 'allow tcp port 80'
- #list authenticated_users 'allow tcp port 443'
- # Or for happy customers allow all
- list authenticated_users 'allow all'
-
- # For preauthenticated users to resolve IP addresses in their
- # initial request not using the router itself as a DNS server,
- # Leave commented to help prevent DNS tunnelling
- #list preauthenticated_users 'allow tcp port 53'
- #list preauthenticated_users 'allow udp port 53'
-
- # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
- list users_to_router 'allow tcp port 22'
- list users_to_router 'allow tcp port 23'
- list users_to_router 'allow tcp port 53'
- list users_to_router 'allow udp port 53'
- list users_to_router 'allow udp port 67'
- list users_to_router 'allow tcp port 80'
-
- # MAC addresses that are / are not allowed to access the splash page
- # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
- #option macmechanism 'allow'
- #list allowedmac '00:00:C0:01:D0:0D'
- #list allowedmac '00:00:C0:01:D0:1D'
- #list blockedmac '00:00:C0:01:D0:2D'
-
- # MAC addresses that do not need to authenticate
- #list trustedmac '00:00:C0:01:D0:1D'
-
- # Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
- # This mask can conflict with the requirements of other packages such as mwan3, sqm etc
- # Any values set here are interpreted as in hex format.
- #
- # List: fw_mark_authenticated
- # Default: 30000 (0011|0000|0000|0000|0000 binary)
- #
- # List: fw_mark_trusted
- # Default: 20000 (0010|0000|0000|0000|0000 binary)
- #
- # List: fw_mark_blocked
- # Default: 10000 (0001|0000|0000|0000|0000 binary)
- #
- #list fw_mark_authenticated '30000'
- #list fw_mark_trusted '20000'
- #list fw_mark_blocked '10000'
-
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-#
-# Startup/shutdown script for nodogsplash captive portal
-#
-
-START=95
-STOP=95
-
-USE_PROCD=1
-
-IPT=/usr/sbin/iptables
-WD_DIR=/usr/bin
-# -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog
-# -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal
-OPTIONS="-s -f -d 5"
-CONFIG=""
-
-
-addline() {
- append CONFIG "$1" "$N"
-}
-
-setup_mac_lists() {
- local cfg="$1"
- local macs=""
- local val
-
- append_mac() {
- append macs "$1" ","
- }
-
- config_get val "$cfg" macmechanism
- if [ -z "$val" ]; then
- # Check if we have AllowedMACList or BlockedMACList defined they will be ignored
- config_get val "$cfg" allowedmac
- if [ -n "$val" ]; then
- echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
- fi
-
- config_get val "$cfg" blockedmac
- if [ -n "$val" ]; then
- echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
- fi
- elif [ "$val" = "allow" ]; then
- config_list_foreach "$cfg" allowedmac append_mac
- addline "AllowedMACList $macs"
- elif [ "$val" = "block" ]; then
- config_list_foreach "$cfg" blockedmac append_mac
- addline "BlockedMACList $macs"
- else
- echo "Invalid macmechanism '$val' - allow or block are valid." >&2
- exit 1
- fi
-
- macs=""
- config_list_foreach "$cfg" trustedmac append_mac
- if [ -n "$macs" ]; then
- addline "TrustedMACList $macs"
- fi
-}
-
-setup_firewall() {
- local cfg="$1"
- local uci_name
- local val
-
- append_firewall() {
- addline " FirewallRule $1"
- }
-
- for rule in authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router; do
- # uci does not allow dashes
- uci_name=${rule//-/_}
- addline "FirewallRuleSet $rule {"
- config_list_foreach "$cfg" "$uci_name" append_firewall
- addline "}"
- config_get val "$cfg" "policy_${uci_name}"
- if [ -n "$val" ]; then
- addline "EmptyRuleSetPolicy $rule $val"
- fi
- done
-}
-
-wait_for_interface() {
- local ifname="$1"
- local timeout=10
-
- for i in $(seq $timeout); do
- if [ $(ip -4 addr show dev $ifname 2> /dev/null | grep -c inet) -ne 0 ]; then
- break
- fi
- sleep 1
- if [ $i = $timeout ]; then
- echo "Interface $ifname not detected." >&2
- exit 1
- fi
- done
-}
-
-generate_uci_config() {
- local cfg="$1"
- local val
- local ifname
- local download
- local upload
-
- # Init config file content
- CONFIG="# auto-generated config file from /etc/config/nodogsplash"
-
- config_get val "$cfg" config
- if [ -n "$val" ]; then
- if [ ! -f "$val" ]; then
- echo "Configuration file '$file' doesn't exist." >&2
- exit 1
- fi
- addline "$(cat $val)"
- fi
-
- config_get ifname "$cfg" gatewayinterface
- if [ -z "$ifname" ]; then
- config_get ifname "$cfg" network
- fi
-
- # Get device name if interface name is a section name in /etc/config/network
- if network_get_device tmp "$ifname"; then
- ifname="$tmp"
- fi
-
- if [ -z "$ifname" ]; then
- echo "Option network or gatewayinterface missing." >&2
- exit 1
- fi
-
- wait_for_interface "$ifname"
-
- addline "GatewayInterface $ifname"
-
- for option in binauth fasport fasremoteip faspath fas_secure_enabled \
- daemon debuglevel maxclients gatewayname gatewayinterface gatewayiprange \
- gatewayaddress gatewayport webroot splashpage statuspage imagesdir pagesdir \
- redirecturl sessiontimeout preauthidletimeout authidletimeout checkinterval \
- setmss mssvalue trafficcontrol downloadlimit uploadlimit \
- syslogfacility ndsctlsocket fw_mark_authenticated \
- fw_mark_blocked fw_mark_trusted
- do
- config_get val "$cfg" "$option"
-
- if [ -n "$val" ]; then
- addline "$option $val"
- fi
- done
-
- config_get download "$cfg" downloadlimit
- config_get upload "$cfg" uploadlimit
-
- if [ -n "$upload" -o -n "$download" ]; then
- addline "TrafficControl yes"
- fi
-
- setup_mac_lists "$cfg"
- setup_firewall "$cfg"
-
- echo "$CONFIG" > "/tmp/etc/nodogsplash_$cfg.conf"
-}
-
-# setup configuration and start instance
-create_instance() {
- local cfg="$1"
- local val
-
- config_get_bool val "$cfg" enabled 0
- [ $val -gt 0 ] || return 0
-
- generate_uci_config "$cfg"
-
- procd_open_instance $cfg
- procd_set_param command /usr/bin/nodogsplash -c "/tmp/etc/nodogsplash_$cfg.conf" $OPTIONS
- procd_set_param respawn
- procd_set_param file "/tmp/etc/nodogsplash_$cfg.conf"
- procd_close_instance
-}
-
-start_service() {
- # For network_get_device()
- include /lib/functions
-
- # For nodogsplash.conf file
- mkdir -p /tmp/etc/
-
- config_load nodogsplash
- config_foreach create_instance nodogsplash
-}
-
-stop_service() {
- # When procd terminates nodogsplash, it does not exit fast enough.
- # Otherwise procd will restart nodogsplash twice. First time starting
- # nodogsplash fails, second time it succeeds.
- sleep 1
-}
+++ /dev/null
-#!/bin/sh
-
-uci -q batch <<-EOF
- delete firewall.nodogsplash
- set firewall.nodogsplash=include
- set firewall.nodogsplash.type=script
- set firewall.nodogsplash.path=/usr/lib/nodogsplash/restart.sh
- commit firewall
-EOF
+++ /dev/null
-#!/bin/sh
-
-# Check if nodogsplash is running
-if ndsctl status &> /dev/null; then
- if [ "$(uci -q get nodogsplash.@nodogsplash[0].fwhook_enabled)" = "1" ]; then
- /etc/init.d/nodogsplash restart
- fi
-fi
+++ /dev/null
-From af548c1f885e46309baa6aa175a3822fd16afb2a Mon Sep 17 00:00:00 2001
-From: Moritz Warning <moritzwarning@web.de>
-Date: Thu, 14 Mar 2019 17:19:40 +0100
-Subject: [PATCH] fix invalid pointer when clock is turned back
-
----
- src/util.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/util.c b/src/util.c
-index 621062d..77228bf 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -362,14 +362,14 @@ format_duration(time_t from, time_t to, char buf[64])
- {
- int days, hours, minutes, seconds;
- long long int secs;
-+ const char *neg = "";
-
- if (from <= to) {
- secs = to - from;
- } else {
- secs = from - to;
- // Prepend minus sign
-- buf[0] = '-';
-- buf += 1;
-+ neg = "-";
- }
-
- days = secs / (24 * 60 * 60);
-@@ -381,13 +381,13 @@ format_duration(time_t from, time_t to, char buf[64])
- seconds = secs;
-
- if (days > 0) {
-- sprintf(buf, "%dd %dh %dm %ds", days, hours, minutes, seconds);
-+ snprintf(buf, 64, "%s%dd %dh %dm %ds", neg, days, hours, minutes, seconds);
- } else if (hours > 0) {
-- sprintf(buf, "%dh %dm %ds", hours, minutes, seconds);
-+ snprintf(buf, 64, "%s%dh %dm %ds", neg, hours, minutes, seconds);
- } else if (minutes > 0) {
-- sprintf(buf, "%dm %ds", minutes, seconds);
-+ snprintf(buf, 64, "%s%dm %ds", neg, minutes, seconds);
- } else {
-- sprintf(buf, "%ds", seconds);
-+ snprintf(buf, 64, "%s%ds", neg, seconds);
- }
-
- return buf;
---
-2.20.1
-
projects / feed / routing.git / commitdiff